Security

Navigating in the clouds

You are reading this in the cloud, sort of. You may of course be sitting nicely in your office chair or a bus seat, reading this on your computer screen or on the mobile phone. But you get it from the cloud.

I know, because I put it there! That is where it lives.

The background

A few years ago it would be natural for all of us to download something from a server somewhere, and only then start reading it in a program, that would be installed on our own computer. We would send funny pictures to each other through the company email system, and we would consider the internet as a place for finding things, not for using them. An archive or a library, perhaps, but nothing active.

Since then a lot has happened. Really! A lot!

Millions of CPUs with memory and disks have been installed in huge data centers around the globe, and this is now where almost everything is. All data is there and all programs are running there and you just see the result of it, adding some keystrokes and mouse clicks to the soup, mixed with pushes and swipes and voice commands and whatever is the latest fashion.

But then, still – in your company you may have some servers left with your on-premise software of various kinds, and I bet you have some database servers too, and some file servers, print servers – and all the PCs and Macs and mobile phones and laptops… and you keep programs and data there as well.

So now your data and functionality has been spread all over and is in the hands of lots of different people with different objectives and different views on security and speed of recovery.

The problem

Do you have any kind of overview on what you have and where it is?

If your PC breaks down or gets stolen, will you loose any data or do you have a copy somewhere else? Will the data be useful for a thief, maybe even threatening to the extent that a theft could cause serious damage to your company – or even close it altogether?

We often take the now for granted and consider it to be an expression of how the world in general is constructed. But it can all be changed tomorrow or in an hour, or a second.

The solution

Various threats exist and you can – and certainly should! – get antivirus and other malware protection on all your devices. You should get a backup of all your data, probably also of all your programs. And how about license codes, guidelines on how to reconstruct each server, each PC, etc. – you need, really, to make sure that all this is available and ready for an immediate reconstruction of your world at any time.

But first… how about trying to find out what you have and which importance it has to you and your company, document it and set up a strategy for maintaining this documentation and finding the best setup for your disaster recovery plan and its necessary assets?

This would help you in your GDPR compliance work too, as you can only fulfill the GDPR requirements if you know what you have on record and where it is, so that you can report it and delete it on request.

And the time is now

My suggestion is to start this documentation and strategy work ASAP and at the same time consider where in the world – and I really mean the whole world – it makes the best sense to keep each piece of data and each running system, so that you are covered with regards to data security, recovery, and requirements from authorities. And then you can conveniently consider prices and handling, the need for skills, etc. while you are at it.

Such an exercise should become part of a daily routine that will allow you to not only know where, in which cloud or on which local computer, you keep your data – but also why.